Discussions

New SSO User assigned to wrong Organization

When a new user logs in via Azure they are assigned to the wrong Organization. I checked the Settings and it is all set up the way I want it.

Traceback pritunl_1.30.3098.52-0debian1.buster_amd64

Greetings

```
Mar 10 21:34:30 mscow systemd[1]: Started Pritunl Daemon.
Mar 10 21:34:30 mscow pritunl[30263]: ##############################################################
Mar 10 21:34:30 mscow pritunl[30263]: # #
Mar 10 21:34:30 mscow pritunl[30263]: # /$$ /$$ /$$ #
Mar 10 21:34:30 mscow pritunl[30263]: # |__/ | $$ | $$ #
Mar 10 21:34:30 mscow pritunl[30263]: # /$$$$$$ /$$$$$$ /$$ /$$$$$$ /$$ /$$ /$$$$$$$ | $$ #
Mar 10 21:34:30 mscow pritunl[30263]: # /$$__ $$ /$$__ $$| $$|_ $$_/ | $$ | $$| $$__ $$| $$ #
Mar 10 21:34:30 mscow pritunl[30263]: # | $$ \ $$| $$ \__/| $$ | $$ | $$ | $$| $$ \ $$| $$ #
Mar 10 21:34:30 mscow pritunl[30263]: # | $$ | $$| $$ | $$ | $$ /$$| $$ | $$| $$ | $$| $$ #
Mar 10 21:34:30 mscow pritunl[30263]: # | $$$$$$$/| $$ | $$ | $$$$/| $$$$$$/| $$ | $$| $$ #
Mar 10 21:34:30 mscow pritunl[30263]: # | $$____/ |__/ |__/ \____/ \______/ |__/ |__/|__/ #
Mar 10 21:34:30 mscow pritunl[30263]: # | $$ #
Mar 10 21:34:30 mscow pritunl[30263]: # | $$ #
Mar 10 21:34:30 mscow pritunl[30263]: # |__/ #
Mar 10 21:34:30 mscow pritunl[30263]: # #
Mar 10 21:34:30 mscow pritunl[30263]: ##############################################################
Mar 10 21:34:30 mscow pritunl[30263]: Traceback (most recent call last):
Mar 10 21:34:30 mscow pritunl[30263]:   File "/usr/lib/pritunl/bin/pritunl", line 33, in <module>
Mar 10 21:34:30 mscow pritunl[30263]:     sys.exit(load_entry_point('pritunl==1.30.3098.52', 'console_scripts', 'pritunl')())
Mar 10 21:34:30 mscow pritunl[30263]:   File "/usr/lib/pritunl/lib/python3.7/site-packages/pritunl/__main__.py", line 502, in main
Mar 10 21:34:30 mscow pritunl[30263]:     pritunl.init_server()
Mar 10 21:34:30 mscow pritunl[30263]:   File "/usr/lib/pritunl/lib/python3.7/site-packages/pritunl/__init__.py", line 18, in init_server
Mar 10 21:34:30 mscow pritunl[30263]:     from pritunl import app
Mar 10 21:34:30 mscow pritunl[30263]:   File "/usr/lib/pritunl/lib/python3.7/site-packages/pritunl/app.py", line 4, in <module>
Mar 10 21:34:30 mscow pritunl[30263]:     from pritunl import logger
Mar 10 21:34:30 mscow pritunl[30263]:   File "/usr/lib/pritunl/lib/python3.7/site-packages/pritunl/logger/__init__.py", line 3, in <module>
Mar 10 21:34:30 mscow pritunl[30263]:     from pritunl.logger.handler import LogHandler, log_queue
Mar 10 21:34:30 mscow pritunl[30263]:   File "/usr/lib/pritunl/lib/python3.7/site-packages/pritunl/logger/handler.py", line 1, in <module>
Mar 10 21:34:30 mscow pritunl[30263]:     from pritunl.logger.view import LogView
Mar 10 21:34:30 mscow pritunl[30263]:   File "/usr/lib/pritunl/lib/python3.7/site-packages/pritunl/logger/view.py", line 4, in <module>
Mar 10 21:34:30 mscow pritunl[30263]:     from pritunl import utils
Mar 10 21:34:30 mscow pritunl[30263]:   File "/usr/lib/pritunl/lib/python3.7/site-packages/pritunl/utils/__init__.py", line 1, in <module>
Mar 10 21:34:30 mscow pritunl[30263]:     from pritunl.utils.cert import *
Mar 10 21:34:30 mscow pritunl[30263]:   File "/usr/lib/pritunl/lib/python3.7/site-packages/pritunl/utils/cert.py", line 2, in <module>
Mar 10 21:34:30 mscow pritunl[30263]:     from pritunl.utils.misc import check_output_logged, get_temp_path
Mar 10 21:34:30 mscow pritunl[30263]:   File "/usr/lib/pritunl/lib/python3.7/site-packages/pritunl/utils/misc.py", line 15, in <module>
Mar 10 21:34:30 mscow pritunl[30263]:     import flask
Mar 10 21:34:30 mscow pritunl[30263]:   File "/usr/lib/pritunl/lib/python3.7/site-packages/flask/__init__.py", line 14, in <module>
Mar 10 21:34:30 mscow pritunl[30263]:     from jinja2 import escape
Mar 10 21:34:30 mscow pritunl[30263]:   File "/usr/lib/pritunl/lib/python3.7/site-packages/jinja2/__init__.py", line 12, in <module>
Mar 10 21:34:30 mscow pritunl[30263]:     from .environment import Environment
Mar 10 21:34:30 mscow pritunl[30263]:   File "/usr/lib/pritunl/lib/python3.7/site-packages/jinja2/environment.py", line 25, in <module>
Mar 10 21:34:30 mscow pritunl[30263]:     from .defaults import BLOCK_END_STRING
Mar 10 21:34:30 mscow pritunl[30263]:   File "/usr/lib/pritunl/lib/python3.7/site-packages/jinja2/defaults.py", line 3, in <module>
Mar 10 21:34:30 mscow pritunl[30263]:     from .filters import FILTERS as DEFAULT_FILTERS # noqa: F401
Mar 10 21:34:30 mscow pritunl[30263]:   File "/usr/lib/pritunl/lib/python3.7/site-packages/jinja2/filters.py", line 13, in <module>
Mar 10 21:34:30 mscow pritunl[30263]:     from markupsafe import soft_unicode
Mar 10 21:34:30 mscow pritunl[30263]: ImportError: cannot import name 'soft_unicode' from 'markupsafe' (/usr/lib/pritunl/lib/python3.7/site-packages/markupsafe/__init__.py)
Mar 10 21:34:30 mscow systemd[1]: pritunl.service: Main process exited, code=exited, status=1/FAILURE
Mar 10 21:34:30 mscow systemd[1]: pritunl.service: Failed with result 'exit-code'.
```

```
dpkg: warning: downgrading pritunl from 1.30.3098.52-0debian1~buster to 1.30.3070.59-0debian1~buster
(Reading database ... 56613 files and directories currently installed.)
Preparing to unpack pritunl_1.30.3070.59-0debian1.buster_amd64.deb ...
Unpacking pritunl (1.30.3070.59-0debian1~buster) over (1.30.3098.52-0debian1~buster) ...
Setting up pritunl (1.30.3070.59-0debian1~buster) ...
[email protected]:~# ./pritunl-restart
[email protected]:~# systemctl status pritunl.service
* pritunl.service - Pritunl Daemon
   Loaded: loaded (/etc/systemd/system/pritunl.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2022-03-10 21:37:36 MSK; 7s ago
 Main PID: 30321 (pritunl)
    Tasks: 1 (limit: 541)
   Memory: 152.1M
   CGroup: /system.slice/pritunl.service
           `-30321 /usr/lib/pritunl/bin/python /usr/lib/pritunl/bin/pritunl start

Mar 10 21:37:36 mscow systemd[1]: Started Pritunl Daemon.
```

Converting standalone MongoDB to replica set on Pritunl cluster

Referring to this discussion (https://docs.pritunl.com/discuss/5e9a0d14e267e9003204a51f) it's unclear how to exactly initiate creating a MongoDB replica set since it appears that Pritunl initiates the database during the initial setup process. Currently, I have an enterprise cluster with 2 VPN nodes and 1 MongoDB node and would like to stand up a 2nd MongoDB replica node for redundancy. I've read through Mongo and Pritunl's documentation and it's not clear exactly how to accomplish this. Does anyone have any insights on the exact steps to take to convert the existing Pritunl mongo standalone into a replica set?

Add entry to iptables

Hi, first time posting here, thank you for any help. I have a completely standard install on Ubuntu 20.04. I am able to add my rule to iptables manually with the intended results. Just forwarding a port to a different address. All that is perfect. The problem is that after a reboot it is wiped. From the only other post on the forum regarding iptables, it seems that iptables.py sets iptables on startup. As a temporary fix, I just have a cron job run every 5 minutes to check and add the correct table. My question: is there an easier way to accomplish adding an iptables rule through Pritunl? I was considering editing iptables.py or digging into the database to see if I can add a route there. Any help is much appreciated. Thanks

pritunl service has permanently high CPU usage

Hello, I have pritunl community edition installed on my server. What has always made me wonder is that the main process (which then starts pritunl-web and openvpn) is constantly (in my case) causing 5-10% CPU usage. What happens here? Is this normal? I have to say that I have only created one user in the system, which is also connected. So it's not like there is a lot of activity on the server...

How to reject weak cipher suites from the server?

Hi there, Running sslyze (see output below), I noticed a non-compliant configuration to the VPN server and it doesn't seem like it's something we can control - the list of available cipher suites. Is there a way to reject these ciphers?

```
➜ ~ python -m sslyze <VPN_HOST>

COMPLIANCE AGAINST MOZILLA TLS CONFIGURATION
--------------------------------------------

Checking results against Mozilla's "intermediate" configuration. See https://ssl-config.mozilla.org/ for more details.

FAILED - Not compliant.
    * ciphers: Cipher suites {'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA', 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA'} are supported, but should be rejected.
```

Pritunl windows client exception

Recently, we found that the client always fails to pass the authentication on Windows, and the same ID can pass the authentication normally on macOS, but on Windows, the error "failed to authenticate..." is reported.

Pritunl and source ip tcp connections

Hello everyone. I have successfully implemented pritunl for the first time. But I am having problems with a specific application. I can't connect to the office ERP because all TCP connections are coming from the pritunl server ip instead of the VPN client ip. The ERP sees as source TCP connection the Pritunl Server IP (172.16.28.93) instead of the VPN Client IP (172.16.93.2). This is the reason why the login fails. Is there any way to remedy this? Thank you!

Influx uri for monitoring

Hello, in which file am I supposed to put this?

influxdb://username:[email protected]:8086/pritunl

Related to https://docs.pritunl.com/docs/monitoring

Thanks!

Changing the date and time on a Pritunl host

Hi, How do I adjust the date and time on a Pritunl server or host? I want to sync the date and time on a Pritunl host with an NTP server. Thank you, James Pedersen